Just to share my experience and thoughts on exam preparation

Feb4Toronto Member Posts: 14
Just to share my experience and thoughts on exam preparation.

I was considering taking CISSP for over a year, but due to my workload over the past little while I had no brain capacity to study. I did a quick read of 1 domain a year ago but this was it.

I got back to study only 2 weeks prior to the exam which I admit was insane.

Week 1: I had the Shon Harris video course from 2006 or 2007, which I watched on fast forward during the first week. I had to skip through some sections since I had to time my study to be done in one week. Overall, in the first week I studied for about 3-4 hours a day. I could not absorb more new material on top of the day-to-day work activities. I ignored the DR domain since this was the one I read a year ago and I didn't have time since I was quite behind already.

Week 2: I used the Shon Harris AIO 5th edition book to review sections I was not clear on. I scanned the book for sections not covered in the video course. I took all the tests in the book. This took me 3 more days, at 4-5 hours a day. The rest of the week was practice tests from the CD that came with the book. I didn't have time for a full exam, so I stuck to the first practice test section. I took all of them and I looked up every single question I answered wrong. I scored 80% - 85% in each section.

Night before: I glanced through new definitions that were added in 2012...

I didn't feel I was 100% ready but one more week would do it for sure. I was considering not taking the test and rescheduling, but it was too late for that and I decided to go and do my best.

I found the test quite interesting. It was heavy on processes, R&Rs, BCP/DR and other "soft" topics and quite light on technical ones.

I took the full 6 hours, which is quite unusual for me. I didn't take any technical certifications before, but I am usually done with exams in 30%-40% of the allocated time. Here you have to read the questions and UNDERSTAND what they are asking. Once you know, it is relatively simple. I was actually done in 5 hours but I took 1 hour to review the whole thing. Surprisingly, I changed a lot of my answers during that review. 10 or 20. Interestingly enough, when I was going through the answers I could not believe I made such stupid choices at the beginning.

I had about 5 questions where I didn't know the answer at all. 3 of them were related to one protocol I never dealt with and missed in the book. I took a guess.

The wait was 4 weeks. I emailed them yesterday and got a confirmation that I passed. I do not know the score, so I have no clue how well or badly I did. I suppose since I passed, that is all that matters at this point.

Just one point to make here. My background is what one could call general IT. During my career I dealt with almost everything that the exam covers. Not all areas in depth, but there was almost no concept I was not at least aware of. Well, the Biba etc. models and the Rainbow Series books were new to me. I did focus on them of course. However, once you get the idea, it is simple... I've also completed an MS in Computer Science and even though it was over 17 years ago, nothing has really fundamentally changed. The OSI model or the underlying computer architecture are still the same. Just new colorful packaging with better marketing :) This background really helped a lot.

This is pretty much it... Good luck to you all.

Comments

  • feb4cissp Member Posts: 27
    Hi,

    Congrats on passing.

    What address did you email to get the results?

    Thanks
  • Feb4Toronto Member Posts: 14
    Thank you.

    I emailed registration@isc2.org but the response came from customer service.
  • timrvt Member Posts: 28
    Nice thoughts... I'll heed the advice.
  • feb4cissp Member Posts: 27
    How was your confidence level after giving the exam?
  • Feb4Toronto Member Posts: 14
    I was totally drained after those two weeks and the exam. After the exam there was nothing, no level at all if you could put it that way. I didn't even care any longer. In a couple of days though I figured that in a worst-case scenario, to hit the 80% mark I would have to miss about 45 questions out of 250. I knew I didn't do that bad. The only worry was that weighting system in case I missed some really heavy questions.
  • JDMurray Admin Posts: 13,031
    Feb4Toronto wrote: »
    I figured that in a worst-case scenario, to hit the 80% mark I would have to miss about 45 questions out of 250. I knew I didn't do that bad. The only worry was that weighting system in case I missed some really heavy questions.

    And realize, too, that 25 of the items on the CISSP exam don't count towards the final score. That'll probably help more than it'll hurt.
  • Feb4Toronto Member Posts: 14
    JDMurray wrote: »
    And realize, too, that 25 of the items on the CISSP exam don't count towards the final score. That'll probably help more than it'll hurt.

    Yep. Worst case = I missed ONLY real questions and got all of those 25 right = 250 - 25 = 225 -> 80% = 45. Was I right on that one? And please do not ask why I set the mark at 80%, I have no idea :)
  • kkokko Registered Users Posts: 4
    What are R&R's? And can you share what resources you used for the new topics?
  • Feb4Toronto Member Posts: 14
    Roles and Responsibilities.

    As for resources, whatever Google would bring me. I took CIB and went through every word they've listed under domains. If I didn't see it covered in AIO, I googled it even if I knew what it was and was familiar with the subject. Just to make sure the industry didn't come up with new definitions.

    Also, I found about 10 white papers on ISC 2 site that covered cloud computing and a couple more subjects. I captured the definitions there as well. I assumed if this is on their website, it gotta be right as per ISC2.

    On the exam, nothing jumped out as "new from 2012". I am not saying there wasn't, but nothing I've noticed.
  • kkokko Registered Users Posts: 4
    Thanks! I will do the same. So there weren't any cloud computing "security" type questions?
  • Feb4Toronto Member Posts: 14
    Correct, there was no cloud computing for me.

    Actually, here is the link to a very good summary I mentioned before:

    https://www.isc2.org/uploadedFiles/%28ISC%292_Public_Content/Certification_Programs/CSSLP/Cloud%20computing%20security%20concerns.pdf

    Play a bit with the link and you will find more useful info.